CVE-2022-38981 The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation may cause information leakage.

When this module is enabled and a user tries to access a web-application from a malicious or compromised host, the HwAirlink module may return a specially crafted HTTP response that contains sensitive information from the application.

CVE-2023-38982

When this module is enabled and a user tries to access a web-application from an insecure host, the HwAirlink module may return a specially crafted HTTP response that contains sensitive information from the application.

CVE-2023-32872

When this module is enabled and a user tries to access a web-application from a malicious or compromised host, the HwAirlink module may return a specially crafted HTTP response that contains sensitive information from the application.
CVE-2024-34101
When this module is enabled and a user tries to access a web-application from a malicious or compromised host, the HwAirlink module may return a specially crafted HTTP response that contains sensitive information from the application.

Mitigation Strategies:

One mitigation strategy is disabling the HwAirlink module. To do so, use the following command:

-module load hw-airlink
Another mitigation strategy is to modify each website's hosts file such that any suspicious hostname is returned a special 404 error message.

HwAirlink - HTTP/HTTPS Traffic Logging Module

A web-application security module, HwAirlink, is included with the operating system. This module intercepts HTTP and HTTPS traffic and logs the captured information for possible later investigation. The module includes a customizable proxy service that can be used to direct HTTP/HTTPS traffic from the user's computer to another machine. When this module is enabled and a user tries to access a web-application from a malicious or compromised host, the HwAirlink module may return a specially crafted HTTP response that contains sensitive information from the application.

Recommendations

There are many different methods and approaches to prevent an attack like this from happening. One of the best ways is to ensure that your web application's (app) SSL certificate is valid, even if they're not using https. Another way is to ensure that your app doesn't contain any sensitive information. This would be an easy fix for many web applications.
If you're worried about this happening to you, it's best to implement a solution now. However, if you don't have the time or resources, there are companies that offer app security services. In particular, Trustwave has a comprehensive mobile app security service that offers 24/7 monitoring of all apps in their system, so you can rest assured your phone will be safe when you're on the move.

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/18/2022 12:32:00 UTC

References

• https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38981